<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Module: AuthenticatedSystem</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



    <div id="classHeader">
        <table class="header-table">
        <tr class="top-aligned-row">
          <td><strong>Module</strong></td>
          <td class="class-name-in-header">AuthenticatedSystem</td>
        </tr>
        <tr class="top-aligned-row">
            <td><strong>In:</strong></td>
            <td>
                <a href="../files/lib/authenticated_system_rb.html">
                lib/authenticated_system.rb
                </a>
        <br />
            </td>
        </tr>

        </table>
    </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">



   </div>

    <div id="method-list">
      <h3 class="section-bar">Methods</h3>

      <div class="name-list">
      <a href="#M000089">access_denied</a>&nbsp;&nbsp;
      <a href="#M000086">admin?</a>&nbsp;&nbsp;
      <a href="#M000090">authorization_denied</a>&nbsp;&nbsp;
      <a href="#M000085">authorized?</a>&nbsp;&nbsp;
      <a href="#M000083">current_user</a>&nbsp;&nbsp;
      <a href="#M000084">current_user=</a>&nbsp;&nbsp;
      <a href="#M000093">included</a>&nbsp;&nbsp;
      <a href="#M000082">logged_in?</a>&nbsp;&nbsp;
      <a href="#M000095">login_from_basic_auth</a>&nbsp;&nbsp;
      <a href="#M000096">login_from_cookie</a>&nbsp;&nbsp;
      <a href="#M000094">login_from_session</a>&nbsp;&nbsp;
      <a href="#M000087">login_required</a>&nbsp;&nbsp;
      <a href="#M000088">must_be_admin</a>&nbsp;&nbsp;
      <a href="#M000092">redirect_back_or_default</a>&nbsp;&nbsp;
      <a href="#M000091">store_location</a>&nbsp;&nbsp;
      </div>
    </div>

  </div>


    <!-- if includes -->

    <div id="section">





      


    <!-- if method_list -->
    <div id="methods">
      <h3 class="section-bar">Protected Class methods</h3>

      <div id="method-M000093" class="method-detail">
        <a name="M000093"></a>

        <div class="method-heading">
          <a href="#M000093" class="method-signature">
          <span class="method-name">included</span><span class="method-args">(base)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Inclusion hook to make <a
href="AuthenticatedSystem.html#M000083">current_user</a> and logged_in?
available as ActionView helper methods.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000093-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000093-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 101</span>
101:     <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">included</span>(<span class="ruby-identifier">base</span>)
102:       <span class="ruby-identifier">base</span>.<span class="ruby-identifier">send</span> <span class="ruby-identifier">:helper_method</span>, <span class="ruby-identifier">:current_user</span>, <span class="ruby-identifier">:logged_in?</span>
103:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <h3 class="section-bar">Protected Instance methods</h3>

      <div id="method-M000089" class="method-detail">
        <a name="M000089"></a>

        <div class="method-heading">
          <a href="#M000089" class="method-signature">
          <span class="method-name">access_denied</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Redirect as appropriate when an access request fails.
</p>
<p>
The default action is to redirect to the login screen.
</p>
<p>
Override this method in your controllers if you want to have special
behavior in case the user is not authorized to access the requested action.
For example, a popup window might simply close itself.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000089-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000089-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 69</span>
69:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">access_denied</span>
70:       <span class="ruby-identifier">respond_to</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">format</span><span class="ruby-operator">|</span>
71:         <span class="ruby-identifier">format</span>.<span class="ruby-identifier">html</span> <span class="ruby-keyword kw">do</span>
72:           <span class="ruby-identifier">store_location</span>
73:           <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">new_session_path</span>
74:         <span class="ruby-keyword kw">end</span>
75:         <span class="ruby-identifier">format</span>.<span class="ruby-identifier">any</span> <span class="ruby-keyword kw">do</span>
76:           <span class="ruby-identifier">request_http_basic_authentication</span> <span class="ruby-value str">'Web Password'</span>
77:         <span class="ruby-keyword kw">end</span>
78:       <span class="ruby-keyword kw">end</span>
79:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000086" class="method-detail">
        <a name="M000086"></a>

        <div class="method-heading">
          <a href="#M000086" class="method-signature">
          <span class="method-name">admin?</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000086-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000086-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 37</span>
37:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">admin?</span>
38:       <span class="ruby-identifier">logged_in?</span> <span class="ruby-keyword kw">and</span> <span class="ruby-identifier">current_user</span>.<span class="ruby-identifier">login</span> <span class="ruby-operator">==</span> <span class="ruby-value str">&quot;admin&quot;</span>
39:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000090" class="method-detail">
        <a name="M000090"></a>

        <div class="method-heading">
          <a href="#M000090" class="method-signature">
          <span class="method-name">authorization_denied</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000090-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000090-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 81</span>
81:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authorization_denied</span>
82:         <span class="ruby-identifier">flash</span>[<span class="ruby-identifier">:notice</span>] = <span class="ruby-value str">&quot;You are not authorized to view this page!&quot;</span>
83:         <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">:back</span>
84:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000085" class="method-detail">
        <a name="M000085"></a>

        <div class="method-heading">
          <a href="#M000085" class="method-signature">
          <span class="method-name">authorized?</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Check if the user is authorized
</p>
<p>
Override this method in your controllers if you want to restrict access to
only a few actions or if you want to check if the user has the correct
rights.
</p>
<p>
Example:
</p>
<pre>
 # only allow nonbobs
 def authorized?
   current_user.login != &quot;bob&quot;
 end
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000085-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000085-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 34</span>
34:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authorized?</span>
35:       <span class="ruby-identifier">logged_in?</span>
36:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000083" class="method-detail">
        <a name="M000083"></a>

        <div class="method-heading">
          <a href="#M000083" class="method-signature">
          <span class="method-name">current_user</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Accesses the current user from the session. Future calls avoid the database
because nil is not equal to false.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000083-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000083-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 12</span>
12:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">current_user</span>
13:       <span class="ruby-ivar">@current_user</span> <span class="ruby-operator">||=</span> (<span class="ruby-identifier">login_from_session</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">login_from_basic_auth</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">login_from_cookie</span>) <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@current_user</span> <span class="ruby-operator">==</span> <span class="ruby-keyword kw">false</span>
14:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000084" class="method-detail">
        <a name="M000084"></a>

        <div class="method-heading">
          <a href="#M000084" class="method-signature">
          <span class="method-name">current_user=</span><span class="method-args">(new_user)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Store the given user id in the session.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000084-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000084-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 17</span>
17:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">current_user=</span>(<span class="ruby-identifier">new_user</span>)
18:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user_id</span>] = <span class="ruby-identifier">new_user</span> <span class="ruby-value">? </span><span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">:</span> <span class="ruby-keyword kw">nil</span>
19:       <span class="ruby-ivar">@current_user</span> = <span class="ruby-identifier">new_user</span> <span class="ruby-operator">||</span> <span class="ruby-keyword kw">false</span>
20:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000082" class="method-detail">
        <a name="M000082"></a>

        <div class="method-heading">
          <a href="#M000082" class="method-signature">
          <span class="method-name">logged_in?</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Returns true or false if the user is logged in. Preloads @<a
href="AuthenticatedSystem.html#M000083">current_user</a> with the user
model if they&#8216;re logged in.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000082-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000082-source">
<pre>
   <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 6</span>
6:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">logged_in?</span>
7:       <span class="ruby-operator">!</span><span class="ruby-operator">!</span><span class="ruby-identifier">current_user</span>
8:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000095" class="method-detail">
        <a name="M000095"></a>

        <div class="method-heading">
          <a href="#M000095" class="method-signature">
          <span class="method-name">login_from_basic_auth</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Called from <a href="AuthenticatedSystem.html#M000083">current_user</a>.
Now, attempt to login by basic authentication information.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000095-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000095-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 111</span>
111:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_basic_auth</span>
112:       <span class="ruby-identifier">authenticate_with_http_basic</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">username</span>, <span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
113:         <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">authenticate</span>(<span class="ruby-identifier">username</span>, <span class="ruby-identifier">password</span>)
114:       <span class="ruby-keyword kw">end</span>
115:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000096" class="method-detail">
        <a name="M000096"></a>

        <div class="method-heading">
          <a href="#M000096" class="method-signature">
          <span class="method-name">login_from_cookie</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Called from <a href="AuthenticatedSystem.html#M000083">current_user</a>.
Finaly, attempt to login by an expiring token in the cookie.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000096-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000096-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 118</span>
118:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_cookie</span>
119:       <span class="ruby-identifier">user</span> = <span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>] <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by_remember_token</span>(<span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>])
120:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">user</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token?</span>
121:         <span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>] = { <span class="ruby-identifier">:value</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token</span>, <span class="ruby-identifier">:expires</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token_expires_at</span> }
122:         <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-identifier">user</span>
123:       <span class="ruby-keyword kw">end</span>
124:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000094" class="method-detail">
        <a name="M000094"></a>

        <div class="method-heading">
          <a href="#M000094" class="method-signature">
          <span class="method-name">login_from_session</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Called from <a href="AuthenticatedSystem.html#M000083">current_user</a>.
First attempt to login by the user id stored in the session.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000094-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000094-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 106</span>
106:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_session</span>
107:       <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by_id</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user_id</span>]) <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user_id</span>]
108:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000087" class="method-detail">
        <a name="M000087"></a>

        <div class="method-heading">
          <a href="#M000087" class="method-signature">
          <span class="method-name">login_required</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Filter method to enforce a login requirement.
</p>
<p>
To require logins for all actions, use this in your controllers:
</p>
<pre>
  before_filter :login_required
</pre>
<p>
To require logins for specific actions, use this in your controllers:
</p>
<pre>
  before_filter :login_required, :only =&gt; [ :edit, :update ]
</pre>
<p>
To skip this in a subclassed controller:
</p>
<pre>
  skip_before_filter :login_required
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000087-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000087-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 54</span>
54:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_required</span>
55:       <span class="ruby-identifier">authorized?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">access_denied</span>
56:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000088" class="method-detail">
        <a name="M000088"></a>

        <div class="method-heading">
          <a href="#M000088" class="method-signature">
          <span class="method-name">must_be_admin</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000088-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000088-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 58</span>
58:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">must_be_admin</span>
59:       <span class="ruby-identifier">admin?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">authorization_denied</span>
60:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000092" class="method-detail">
        <a name="M000092"></a>

        <div class="method-heading">
          <a href="#M000092" class="method-signature">
          <span class="method-name">redirect_back_or_default</span><span class="method-args">(default)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Redirect to the URI stored by the most recent <a
href="AuthenticatedSystem.html#M000091">store_location</a> call or to the
passed default.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000092-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000092-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 94</span>
94:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">redirect_back_or_default</span>(<span class="ruby-identifier">default</span>)
95:       <span class="ruby-identifier">redirect_to</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">default</span>)
96:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] = <span class="ruby-keyword kw">nil</span>
97:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000091" class="method-detail">
        <a name="M000091"></a>

        <div class="method-heading">
          <a href="#M000091" class="method-signature">
          <span class="method-name">store_location</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Store the URI of the current request in the session.
</p>
<p>
We can return to this location by calling <a
href="AuthenticatedSystem.html#M000092">redirect_back_or_default</a>.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000091-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000091-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 88</span>
88:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">store_location</span>
89:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] = <span class="ruby-identifier">request</span>.<span class="ruby-identifier">request_uri</span>
90:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>


    </div>


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>